Take that, Security!

I’ve put together a Gnome applet that checks the balance of an online bank account at predetermined times and emails the balances to a selected email address. It’s unimaginatively titled “balancer”.

It’s (1) useful, and (2) scares the crap out of me.

The useful part is pretty self-evident. I want to know my current balance so I can rein in my spending if I’m going overboard.

The scary part is equally self-evident. balancer keeps bank credentials on the user’s computer. That’s a terrible idea. An attacker who wants to make some cash just has to trawl the secrets stored in the GnomeKeyring to get access to the user’s life savings. In theory, GnomeKeyring could be secure-ish, if it kept all of its secrets on a portion of the disk hidden from users and blocked access on too many failed access attempts. But it doesn’t seem to. It looks like it keeps secrets in ~/.gnome2/keyrings. If an attacker can subvert an app owned by the user, then they can read ~/.gnome2/keyrings/balancer.credentials.keyring and pass the file offsite for an offline dictionary attack. Eep!

On top of that, GnomeKeyring differentiates between apps based on the path to the app binary. I guess this works for native applications, but it breaks when the app runs in a virtual machine. My app, balancer, is written in Python. After I run it, other Python apps are able to dig into the GnomeKeyring without the user being prompted for a password. Noes!

It’s funny. I tried Wesabe, and had no problem putting myself at the same risk balancer would inflict on me. Even though the Wesabe client has the same security problems, I put them out of my head because someone else wrote the code. But I’m having a hard time doing that with something I wrote.
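The binary-path problem described above can be seen directly. This is an added example, not code from balancer or GnomeKeyring: it runs two constructed scripts (the file names are made up) and reports the executable path the kernel attributes to each process, assuming a path-based check resolves its caller the way /proc/self/exe does on Linux.

```python
import os
import subprocess
import sys
import tempfile
import textwrap

# Body shared by both constructed scripts: report the binary this process
# is running as. /proc/self/exe is Linux-specific; elsewhere we fall back
# to the interpreter path Python itself reports.
PROBE = textwrap.dedent("""
    import os, sys
    try:
        print(os.readlink("/proc/self/exe"))
    except OSError:
        print(os.path.realpath(sys.executable))
""")


def binary_path_seen_for(script_name, workdir):
    """Write a script named script_name, run it, and return the binary
    path a path-based access check would attribute the process to."""
    path = os.path.join(workdir, script_name)
    with open(path, "w") as fh:
        fh.write(PROBE)
    result = subprocess.run([sys.executable, path], check=True,
                            capture_output=True, text=True)
    return result.stdout.strip()


def compare_identities():
    """Run two unrelated scripts; map each script name to its binary path."""
    with tempfile.TemporaryDirectory() as workdir:
        # Hypothetical script names: one stands in for balancer, the
        # other for any unrelated Python program run by the same user.
        return {name: binary_path_seen_for(name, workdir)
                for name in ("balancer.py", "some_other_app.py")}


if __name__ == "__main__":
    seen = compare_identities()
    for name, exe in seen.items():
        print(f"{name:20s} -> {exe}")
    if len(set(seen.values())) == 1:
        print("Both scripts map to the same binary: the interpreter.")
```

Both scripts resolve to the interpreter binary, so an access decision keyed on that path alone cannot tell them apart.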

4 Responses to “Take that, Security!”

  1. 2009.Nov.10 @ 22:42

    Not really familiar with Wesabe, but doesn’t it present a more enticing target? Assuming your software doesn’t become widely used, then it’s not likely that someone is going to target your software. Unless it’s a personal attack. And it’s not likely you could stop someone if they were really determined.

    An attack on Wesabe gets me your credentials and that of a bunch of other people.

  • 2009.Nov.11 @ 23:57

    Being secure is not the same as being an unlikely target… My keys are in my car in my driveway. It’s not secure, but no one walks by my place looking for cars to steal so it’s not likely to get stolen.

    The real question is not whether the software is more secure but which is more likely to be successfully attacked. Ideally you would have the better software on the out of the way server.

    And if someone can get to your files to get your credentials it’s not that big a leap to install keylogger software and grab your Wesabe password.
